Diffstat (limited to 'schema')
-rw-r--r-- | schema/README.md | 5 | ||||
-rw-r--r-- | schema/daemon_event_schema.json | 205 | ||||
-rw-r--r-- | schema/error_event_schema.json | 179 | ||||
-rw-r--r-- | schema/flow_event_schema.json | 1548 | ||||
-rw-r--r-- | schema/flow_events_diagram.drawio | 1 | ||||
-rw-r--r-- | schema/flow_events_diagram.png | bin | 0 -> 390233 bytes | |||
-rw-r--r-- | schema/packet_event_schema.json | 122 |
7 files changed, 2060 insertions, 0 deletions
diff --git a/schema/README.md b/schema/README.md
new file mode 100644
index 000000000..9eb4a8447
--- /dev/null
+++ b/schema/README.md
@@ -0,0 +1,5 @@
+# schema
+
+All schema's placed in here are nDPId exclusive, meaning that they are not necessarily representing a "real-world" JSON message received by e.g. `./example/py-json-stdout`.
+This is due to the fact that libnDPI itself add's some JSON information to the serializer of which we have no control over.
+IMHO it makes no sense to include stuff here that is part of libnDPI.
diff --git a/schema/daemon_event_schema.json b/schema/daemon_event_schema.json
new file mode 100644
index 000000000..3ac32156e
--- /dev/null
+++ b/schema/daemon_event_schema.json
@@ -0,0 +1,205 @@ +{ + "type": "object", + "required": [ + "alias", + "source", + "thread_id", + "packet_id", + "daemon_event_id", + "daemon_event_name", + "global_ts_usec", + "version", + "ndpi_version" + ], + "if": { + "properties": { "daemon_event_name": { "enum": [ "init", "reconnect" ] } } + }, + "then": { + "required": [ "max-flows-per-thread", "max-idle-flows-per-thread", "reader-thread-count", "flow-scan-interval", "generic-max-idle-time", "icmp-max-idle-time", "udp-max-idle-time", "tcp-max-idle-time", "max-packets-per-flow-to-send", "max-packets-per-flow-to-process", "max-packets-per-flow-to-analyse" ] + }, + "if": { + "properties": { "daemon_event_name": { "enum": [ "status", "shutdown" ] } } + }, + "then": { + "required": [ "packets-captured", "packets-processed", "pfring_active", "pfring_recv", "pfring_drop", "pfring_shunt", "total-skipped-flows", "total-l4-payload-len", "total-not-detected-flows", "total-guessed-flows", "total-detected-flows", "total-detection-updates", "total-updates", "current-active-flows", "total-active-flows", "total-idle-flows", "total-compressions", "total-compression-diff", "current-compression-diff", "global-alloc-bytes", "global-alloc-count", "global-free-bytes", "global-free-count", "total-events-serialized" ] + }, + "properties": { + "alias": { + "type": "string" + }, + "source": { + "type": "string" + }, + "thread_id": { + "type": "number", + "minimum": 0, + "maximum": 31 + }, + "packet_id": { + "type": "number", + "minimum": 0 + }, + "daemon_event_id": { + "type": "number", + "minimum": 0, + "maximum": 4 + }, + "daemon_event_name": { + "type": "string", + "enum": [ + "invalid", + "init", + "reconnect", + "shutdown", + "status" + ] + }, + "version": { + "type": "string" + }, + "ndpi_version": { + "type": "string" + }, + + "max-flows-per-thread": { + "type": "number" + }, + "max-idle-flows-per-thread": { + "type": "number" + }, + "reader-thread-count": { + "type": "number" + }, + "flow-scan-interval": { + "type": "number" + 
}, + "generic-max-idle-time": { + "type": "number" + }, + "icmp-max-idle-time": { + "type": "number" + }, + "udp-max-idle-time": { + "type": "number" + }, + "tcp-max-idle-time": { + "type": "number" + }, + "max-packets-per-flow-to-process": { + "type": "number" + }, + "max-packets-per-flow-to-send": { + "type": "number" + }, + "max-packets-per-flow-to-analyse": { + "type": "number" + }, + + "packets-captured": { + "type": "number", + "minimum": 0 + }, + "packets-processed": { + "type": "number", + "minimum": 0 + }, + "pfring_active": { + "type": "boolean" + }, + "pfring_recv": { + "type": "number", + "minimum": 0 + }, + "pfring_drop": { + "type": "number", + "minimum": 0 + }, + "pfring_shunt": { + "type": "number", + "minimum": 0 + }, + "total-skipped-flows": { + "type": "number", + "minimum": 0 + }, + "total-l4-payload-len": { + "type": "number", + "minimum": 0 + }, + "total-not-detected-flows": { + "type": "number", + "minimum": 0 + }, + "total-guessed-flows": { + "type": "number", + "minimum": 0 + }, + "total-detected-flows": { + "type": "number", + "minimum": 0 + }, + "total-detection-updates": { + "type": "number", + "minimum": 0 + }, + "total-updates": { + "type": "number", + "minimum": 0 + }, + "current-active-flows": { + "type": "number", + "minimum": 0 + }, + "total-active-flows": { + "type": "number", + "minimum": 0 + }, + "total-idle-flows": { + "type": "number", + "minimum": 0 + }, + "total-compressions": { + "type": "number", + "minimum": 0 + }, + "total-compression-diff": { + "type": "number", + "minimum": 0 + }, + "current-compression-diff": { + "type": "number", + "minimum": 0 + }, + "global-alloc-bytes": { + "type": "number", + "minimum": 0 + }, + "global-alloc-count": { + "type": "number", + "minimum": 0 + }, + "global-free-bytes": { + "type": "number", + "minimum": 0 + }, + "global-free-count": { + "type": "number", + "minimum": 0 + }, + "total-events-serialized": { + "type": "number", + "minimum": 1 + }, + "global_ts_usec": { + "type": "number", 
+ "if": { + "properties": { "daemon_event_name": { "enum": [ "init" ] } } + }, + "then" : true, + "else" : { + "minimum": 1000000 + } + } + }, + "additionalProperties": false +} diff --git a/schema/error_event_schema.json b/schema/error_event_schema.json new file mode 100644 index 000000000..41012f39c --- /dev/null +++ b/schema/error_event_schema.json 
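Review bot: The two top-level `"if"`/`"then"` pairs in daemon_event_schema.json are duplicate keys in one object, so a strict JSON parser keeps only the last pair and the `init`/`reconnect` conditional that requires the configuration fields (`max-flows-per-thread`, `reader-thread-count`, ...) is silently dropped — an `init` event missing all of them would still validate, and any test built on this schema would pass without checking it. Wrap the conditionals in a combinator so both are evaluated: `"allOf": [ { "if": { ... "init", "reconnect" ... }, "then": { "required": [ ... ] } }, { "if": { ... "status", "shutdown" ... }, "then": { "required": [ ... ] } } ]`. The nested `"if"`/`"then"`/`"else"` inside `global_ts_usec` is fine as written since it is the only pair at its level. Consider `"type": "integer"` instead of `"number"` for the packet, flow and allocation counters, since `"number"` also accepts fractional values.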
@@ -0,0 +1,179 @@ +{ + "type": "object", + "required": [ + "alias", + "source", + "packet_id", + "error_event_id", + "error_event_name", + "threshold_n", + "threshold_n_max", + "threshold_time", + "threshold_ts_usec", + "global_ts_usec" + ], + + "if": { + "properties": { "error_event_name": { "enum": [ "Unknown datalink layer packet", "Unknown packet type" ] } } + }, + "then": { + "anyOf": [ + { "required": [ "layer_type" ] }, + { "not": { "required": [ "thread_id" ] } } + ] + }, + + "if": { + "properties": { "error_event_name": { "enum": [ "Unknown L3 protocol" ] } } + }, + "then": { + "anyOf": [ + { "required": [ "protocol" ] }, + { "not": { "required": [ "thread_id" ] } } + ] + }, + + "if": { + "properties": { "error_event_name": { "enum": [ "Packet too short", "IP4 packet too short", + "IP6 packet too short", "TCP packet smaller than expected", + "UDP packet smaller than expected", + "Captured packet size is smaller than expected packet size" ] } } + }, + "then": { + "anyOf": [ + { "required": [ "size", "expected" ] }, + { "not": { "required": [ "thread_id" ] } } + ] + }, + + "if": { + "properties": { "error_event_name": { "enum": [ "Packet header invalid" ] } } + }, + "then": { + "anyOf": [ + { "required": [ "raeson" ] }, + { "not": { "required": [ "thread_id" ] } } + ] + }, + + "if": { + "properties": { "error_event_name": { "enum": [ "Flow memory allocation failed" ] } } + }, + "then": { + "required": [ "thread_id", "size" ] + }, + + "if": { + "properties": { "error_event_name": { "enum": [ "Max flows to track reached" ] } } + }, + "then": { + "required": [ "thread_id", "current_active", "current_idle", "max_active", "max_idle" ] + }, + + "properties": { + "alias": { + "type": "string" + }, + "source": { + "type": "string" + }, + "thread_id": { + "type": "number" + }, + "packet_id": { + "type": "number", + "minimum": 0 + }, + "error_event_id": { + "type": "number", + "minimum": 0, + "maximum": 16 + }, + "error_event_name": { + "type": "string", + "enum": [ + 
"Unknown datalink layer packet", + "Unknown L3 protocol", + "Unsupported datalink layer", + "Packet too short", + "Unknown packet type", + "Packet header invalid", + "IP4 packet too short", + "Packet smaller than IP4 header", + "nDPI IPv4/L4 payload detection failed", + "IP6 packet too short", + "Packet smaller than IP6 header", + "nDPI IPv6/L4 payload detection failed", + "TCP packet smaller than expected", + "UDP packet smaller than expected", + "Captured packet size is smaller than expected packet size", + "Max flows to track reached", + "Flow memory allocation failed" + ] + }, + + "threshold_n": { + "type": "number", + "minimum": 1 + }, + + "threshold_n_max": { + "type": "number", + "minimum": 1, + "maximum": 65535 + }, + + "threshold_time": { + "type": "number" + }, + + "threshold_ts_usec": { + "type": "number" + }, + + "layer_type": { + "type": "number", + "minimum": 0 + }, + + "l4_data_len": { + "type": "number", + "minimum": 0 + }, + + "reason": { + "type": "string" + }, + + "protocol": { + "type": "number", + "minimum": 0, + "maximum": 65535 + }, + + "size": { + "type": "number" + }, + "expected": { + "type": "number" + }, + + "current_active": { + "type": "number" + }, + "current_idle": { + "type": "number" + }, + "max_active": { + "type": "number" + }, + "max_idle": { + "type": "number" + }, + "global_ts_usec": { + "type": "number", + "minimum": 0 + } + }, + "additionalProperties": false +} diff --git a/schema/flow_event_schema.json b/schema/flow_event_schema.json new file mode 100644 index 000000000..b54a93a47 --- /dev/null +++ b/schema/flow_event_schema.json 
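Review bot: The `"Packet header invalid"` conditional requires `"raeson"` while the declared property is `"reason"`, so that arm can never match a message that validates against `"additionalProperties": false`; the `anyOf` only still passes because its second arm accepts any message without `thread_id`, which hides the typo — rename it to `"required": [ "reason" ]`. The same duplicate-key problem as in the daemon schema applies here on a larger scale: six `"if"`/`"then"` pairs sit at one object level, so a strict parser keeps only the `"Max flows to track reached"` pair and the other five per-event field requirements are never enforced; move them into an `"allOf": [ { "if": ..., "then": ... }, ... ]` array. `thread_id` is declared without the `"minimum": 0`/`"maximum": 31` bounds used in daemon_event_schema.json, and `l4_data_len` is declared but required by no conditional, which looks unintended.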
@@ -0,0 +1,1548 @@ +{ + "type": "object", + "required": [ + "alias", + "source", + "thread_id", + "packet_id", + "flow_event_id", + "flow_event_name", + "flow_id", + "flow_state", + "flow_src_packets_processed", + "flow_dst_packets_processed", + "flow_first_seen", + "flow_src_last_pkt_time", + "flow_dst_last_pkt_time", + "flow_idle_time", + "flow_src_min_l4_payload_len", + "flow_dst_min_l4_payload_len", + "flow_src_max_l4_payload_len", + "flow_dst_max_l4_payload_len", + "flow_src_tot_l4_payload_len", + "flow_dst_tot_l4_payload_len", + "l3_proto", + "l4_proto", + "midstream", + "thread_ts_usec", + "src_ip", + "dst_ip" + ], + + "if": { + "properties": { "flow_event_name": { "enum": [ "new", "end", "idle", "update" ] } } + }, + "then": { + "required": [ "flow_datalink", "flow_max_packets" ] + }, + + "if": { + "properties": { "flow_event_name": { "enum": [ "analyse" ] } } + }, + "then": { + "required": [ "data_analysis" ] + }, + + "if": { + "properties": { "flow_state": { "enum": [ "finished" ] } } + }, + "then": { + "required": [ "ndpi" ] + }, + + "if": { + "properties": { "flow_event_name": { "enum": [ "guessed", "detected", + "detection-update", "not-detected" ] } } + }, + "then": { + "required": [ "ndpi" ] + }, + + "properties": { + "alias": { + "type": "string" + }, + "source": { + "type": "string" + }, + "thread_id": { + "type": "number", + "minimum": 0, + "maximum": 31 + }, + "packet_id": { + "type": "number", + "minimum": 0 + }, + "flow_event_id": { + "type": "number", + "minimum": 0, + "maximum": 9 + }, + "flow_event_name": { + "type": "string", + "enum": [ + "invalid", + "new", + "end", + "idle", + "update", + "analyse", + "guessed", + "detected", + "detection-update", + "not-detected" + ] + }, + "flow_id": { + "type": "number", + "minimum": 1 + }, + "flow_state": { + "type": "string", + "enum": [ + "finished", + "info" + ] + }, + "flow_datalink": { + "type": "number", + "minimum": 0, + "maximum": 292 + }, + "flow_src_packets_processed": { + "type": "number", 
+ "minimum": 0 + }, + "flow_dst_packets_processed": { + "type": "number", + "minimum": 0 + }, + "flow_max_packets": { + "type": "number", + "minimum": 0 + }, + "flow_first_seen": { + "type": "number", + "minimum": 0 + }, + "flow_src_last_pkt_time": { + "type": "number", + "minimum": 0 + }, + "flow_dst_last_pkt_time": { + "type": "number", + "minimum": 0 + }, + "flow_idle_time": { + "type": "number", + "minimum": 1 + }, + "flow_src_min_l4_payload_len": { + "type": "number", + "minimum": 0 + }, + "flow_dst_min_l4_payload_len": { + "type": "number", + "minimum": 0 + }, + "flow_src_max_l4_payload_len": { + "type": "number", + "minimum": 0 + }, + "flow_dst_max_l4_payload_len": { + "type": "number", + "minimum": 0 + }, + "flow_src_tot_l4_payload_len": { + "type": "number", + "minimum": 0 + }, + "flow_dst_tot_l4_payload_len": { + "type": "number", + "minimum": 0 + }, + "l3_proto": { + "type": "string", + "enum": [ + "ip4", + "ip6", + "unknown" + ] + }, + "l4_proto": { + "oneOf": [ + { + "type": "number" + }, + { + "type": "string", + "enum": [ + "tcp", + "udp", + "icmp", + "icmp6" + ] + } + ] + }, + "midstream": { + "type": "number", + "minimum": 0, + "maximum": 1 + }, + "thread_ts_usec": { + "type": "number", + "minimum": 0 + }, + "src_ip": { + "type": "string", + "anyOf" : [ + { "format": "ipv4" }, + { "format": "ipv6" } + ] + }, + "dst_ip": { + "type": "string", + "anyOf" : [ + { "format": "ipv4" }, + { "format": "ipv6" } + ] + }, + "src_port": { + "type": "number", + "minimum": 1, + "maximum": 65535 + }, + "dst_port": { + "type": "number", + "minimum": 1, + "maximum": 65535 + }, + "ndpi": { + "type": "object", + "required": [ "proto", "proto_id", "breed", "encrypted" ], + + "properties": { + "proto": { + "type": "string" + }, + "proto_id": { + "type": "string" + }, + "proto_by_ip": { + "type": "string" + }, + "proto_by_ip_id": { + "type": "number" + }, + "category": { + "type": "string", + "enum": [ + "Unspecified", "Media", "VPN", "Email", "DataTransfer", + "Web", 
"SocialNetwork", "Download", "Game", "Chat", "VoIP", + "Database", "RemoteAccess", "Cloud", "Network", "Collaborative", + "RPC", "Streaming", "System", "SoftwareUpdate", "Music", "Video", + "Shopping", "Productivity", "FileSharing", "ConnCheck", "IoT-Scada", + "VirtAssistant", "Cybersecurity", "AdultContent", "Mining", "Malware", + "Advertisement", "Banned_Site", "Site_Unavailable", "Allowed_Site", + "Antimalware", "Crypto_Currency", "Gambling" + ] + }, + "category_id": { + "type": "number" + }, + "encrypted": { + "type": "number", + "enum": [ + 0, + 1 + ] + }, + "breed": { + "type": "string", + "enum": [ + "Safe", "Acceptable", "Fun", "Unsafe", + "Potentially Dangerous", "Tracker/Ads", + "Dangerous", "Unrated" + ] + }, + "flow_risk": { + "type": "object", + "properties": { + "1": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "XSS Attack" ] }, + "severity": { "type": "string", "enum": [ "Severe" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "2": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "SQL Injection" ] }, + "severity": { "type": "string", "enum": [ "Severe" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "3": { + "type": 
"object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "RCE Injection" ] }, + "severity": { "type": "string", "enum": [ "Severe" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "4": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "Binary App Transfer" ] }, + "severity": { "type": "string", "enum": [ "Severe" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "5": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "Known Proto on Non Std Port" ] }, + "severity": { "type": "string", "enum": [ "Medium" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "6": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "Self-signed Cert" ] }, + "severity": { "type": "string", "enum": [ "High" 
] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "7": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "Obsolete TLS (v1.1 or older)" ] }, + "severity": { "type": "string", "enum": [ "High" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "8": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "Weak TLS Cipher" ] }, + "severity": { "type": "string", "enum": [ "High" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "9": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "TLS Cert Expired" ] }, + "severity": { "type": "string", "enum": [ "High" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": 
"number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "10": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "TLS Cert Mismatch" ] }, + "severity": { "type": "string", "enum": [ "High" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "11": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "HTTP Susp User-Agent" ] }, + "severity": { "type": "string", "enum": [ "High" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "12": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "HTTP/TLS/QUIC Numeric Hostname/SNI" ] }, + "severity": { "type": "string", "enum": [ "Low" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + 
}, + "13": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "HTTP Susp URL" ] }, + "severity": { "type": "string", "enum": [ "High" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "14": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "HTTP Susp Header" ] }, + "severity": { "type": "string", "enum": [ "High" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "15": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "TLS (probably) Not Carrying HTTPS" ] }, + "severity": { "type": "string", "enum": [ "Low" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "16": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "Susp DGA Domain name" ] }, + "severity": { "type": 
"string", "enum": [ "High" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "17": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "Malformed Packet" ] }, + "severity": { "type": "string", "enum": [ "Low" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "18": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "SSH Obsolete Cli Vers/Cipher" ] }, + "severity": { "type": "string", "enum": [ "High" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "19": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "SSH Obsolete Ser Vers/Cipher" ] }, + "severity": { "type": "string", "enum": [ "Medium" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, 
"maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "20": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "SMB Insecure Vers" ] }, + "severity": { "type": "string", "enum": [ "High" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "21": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "TLS Susp ESNI Usage" ] }, + "severity": { "type": "string", "enum": [ "Medium" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "22": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "Unsafe Protocol" ] }, + "severity": { "type": "string", "enum": [ "Low" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + 
"additionalProperties": false + }, + "23": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "Susp DNS Traffic" ] }, + "severity": { "type": "string", "enum": [ "Medium" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "24": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "Missing SNI TLS Extn" ] }, + "severity": { "type": "string", "enum": [ "Medium" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "25": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "HTTP Susp Content" ] }, + "severity": { "type": "string", "enum": [ "High" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "26": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "Risky ASN" ] }, + 
"severity": { "type": "string", "enum": [ "Medium" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "27": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "Risky Domain Name" ] }, + "severity": { "type": "string", "enum": [ "Medium" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "28": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "Malicious JA3 Fingerp." ] }, + "severity": { "type": "string", "enum": [ "Medium" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "29": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "Malicious SSL Cert/SHA1 Fingerp." 
] }, + "severity": { "type": "string", "enum": [ "Medium" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "30": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "Desktop/File Sharing" ] }, + "severity": { "type": "string", "enum": [ "Low" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "31": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "Uncommon TLS ALPN" ] }, + "severity": { "type": "string", "enum": [ "Medium" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "32": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "TLS Cert Validity Too Long" ] }, + "severity": { "type": "string", "enum": [ "Medium" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": 
"number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "33": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "TLS Susp Extn" ] }, + "severity": { "type": "string", "enum": [ "High" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "34": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "TLS Fatal Alert" ] }, + "severity": { "type": "string", "enum": [ "Low" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "35": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "Susp Entropy" ] }, + "severity": { "type": "string", "enum": [ "Low" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + 
"additionalProperties": false + }, + "36": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "Clear-Text Credentials" ] }, + "severity": { "type": "string", "enum": [ "High" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "37": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "Large DNS Packet (512+ bytes)" ] }, + "severity": { "type": "string", "enum": [ "Medium" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "38": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "Fragmented DNS Message" ] }, + "severity": { "type": "string", "enum": [ "Medium" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "39": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ 
"Non-Printable/Invalid Chars Detected" ] }, + "severity": { "type": "string", "enum": [ "High" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "40": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "Possible Exploit Attempt" ] }, + "severity": { "type": "string", "enum": [ "Severe" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "41": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "TLS Cert About To Expire" ] }, + "severity": { "type": "string", "enum": [ "Medium" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "42": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "IDN Domain Name" ] }, + "severity": { "type": "string", "enum": [ "Low" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + 
"properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "43": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "Error Code" ] }, + "severity": { "type": "string", "enum": [ "Low" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "44": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "Crawler/Bot" ] }, + "severity": { "type": "string", "enum": [ "Low" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "45": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "Anonymous Subscriber" ] }, + "severity": { "type": "string", "enum": [ "Medium" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + 
"additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "46": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "Unidirectional Traffic" ] }, + "severity": { "type": "string", "enum": [ "Low" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "47": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "HTTP Obsolete Server" ] }, + "severity": { "type": "string", "enum": [ "Medium" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "48": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "Periodic Flow" ] }, + "severity": { "type": "string", "enum": [ "Low" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "49": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": 
"string", "enum": [ "Minor Issues" ] }, + "severity": { "type": "string", "enum": [ "Low" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "50": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "TCP Connection Issues" ] }, + "severity": { "type": "string", "enum": [ "Medium" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "51": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "Fully Encrypted Flow" ] }, + "severity": { "type": "string", "enum": [ "Medium" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "52": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "ALPN/SNI Mismatch" ] }, + "severity": { "type": "string", "enum": [ "Medium" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + 
"properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + }, + "53": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "Client Contacted A Malware Host" ] }, + "severity": { "type": "string", "enum": [ "Severe" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "54": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "Binary File/Data Transfer (Attempt)" ] }, + "severity": { "type": "string", "enum": [ "Medium" ] }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, "maximum": 130 } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "55": { + "type": "object", + "required": [ "risk", "severity", "risk_score" ], + "properties": { + "risk": { "type": "string", "enum": [ "Probing Attempt" ] }, + "severity": { "type": "string" }, + "risk_score": { + "type": "object", + "required": [ "total", "client", "server" ], + "properties": { + "total": { "type": "number", "minimum": 10, "maximum": 610 }, + "client": { "type": "number", "minimum": 5, "maximum": 485 }, + "server": { "type": "number", "minimum": 5, 
"maximum": 130 }, + "additionalProperties": false + } + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false + }, + "confidence": { + "type": "object", + "properties": { + "0": { + "type": "string", + "enum": [ "Unknown" ] + }, + "1": { + "type": "string", + "enum": [ "Match by port" ] + }, + "2": { + "type": "string", + "enum": [ "nBPF" ] + }, + "3": { + "type": "string", + "enum": [ "DPI (partial)" ] + }, + "4": { + "type": "string", + "enum": [ "DPI (partial cache)" ] + }, + "5": { + "type": "string", + "enum": [ "DPI (cache)" ] + }, + "6": { + "type": "string", + "enum": [ "DPI" ] + }, + "7": { + "type": "string", + "enum": [ "Match by IP" ] + }, + "8": { + "type": "string", + "enum": [ "DPI (aggressive)" ] + } + }, + "additionalProperties": false + }, + "entropy": { + "type": "number" + }, + "hostname": { + "type": "string" + }, + "collectd": { + "type": "object" + }, + "dhcp": { + "type": "object" + }, + "discord": { + "type": "object" + }, + "bittorrent": { + "type": "object" + }, + "mdns": { + "type": "object" + }, + "natpmp": { + "type": "object" + }, + "ntp": { + "type": "object" + }, + "ubntac2": { + "type": "object" + }, + "kerberos": { + "type": "object" + }, + "telnet": { + "type": "object" + }, + "tls": { + "type": "object" + }, + "quic": { + "type": "object" + }, + "imap": { + "type": "object" + }, + "http": { + "type": "object" + }, + "pop": { + "type": "object" + }, + "smtp": { + "type": "object" + }, + "dns": { + "type": "object" + }, + "ftp": { + "type": "object" + }, + "snmp": { + "type": "object" + }, + "ssh": { + "type": "object" + }, + "stun": { + "type": "object" + }, + "softether": { + "type": "object" + }, + "tftp": { + "type": "object" + }, + "tivoconnect": { + "type": "object" + }, + "rsh": { + "type": "object" + } + }, + "additionalProperties": false + }, + "data_analysis": { + "type": "object", + "required": [ "iat", "pktlen", "bins", "directions" ], + "properties": { + "iat": { + "type": "object", + 
"properties": { + "min": { + "type": "number" + }, + "avg": { + "type": "number" + }, + "max": { + "type": "number" + }, + "stddev": { + "type": "number" + }, + "var": { + "type": "number" + }, + "ent": { + "type": "number" + }, + "data": { + "type": "array", + "items": { + "type": "number" + } + } + }, + "additionalProperties": false + }, + "pktlen": { + "type": "object", + + "properties": { + "min": { + "type": "number" + }, + "avg": { + "type": "number" + }, + "max": { + "type": "number" + }, + "stddev": { + "type": "number" + }, + "var": { + "type": "number" + }, + "ent": { + "type": "number" + }, + "data": { + "type": "array", + "items": { + "type": "number" + } + } + }, + "additionalProperties": false + }, + "bins": { + "type": "object", + + "properties": { + "c_to_s": { + "type": "array", + "items": { + "type": "number" + } + }, + "s_to_c": { + "type": "array", + "items": { + "type": "number" + } + } + }, + "additionalProperties": false + }, + "directions": { + "type": "array", + "items": { + "type": "number" + } + }, + "entropies": { + "type": "array", + "items": { + "type": "number" + } + } + }, + "additionalProperties": false + } + }, + "additionalProperties": false +} diff --git a/schema/flow_events_diagram.drawio b/schema/flow_events_diagram.drawio new file mode 100644 index 000000000..a695a0f29 --- /dev/null +++ b/schema/flow_events_diagram.drawio @@ -0,0 +1 @@ +<mxfile host="Electron" modified="2022-09-19T13:55:43.441Z" agent="5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) draw.io/15.4.0 Chrome/91.0.4472.164 Electron/13.5.0 Safari/537.36" etag="X7uhVc0q2i6IsenfTJZ6" version="15.4.0" type="device"><diagram id="6zxcAsXRhzVs0osY5dHM" name="Page-1">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</diagram></mxfile>
\ No newline at end of file
diff --git a/schema/flow_events_diagram.png b/schema/flow_events_diagram.png
Binary files differ
new file mode 100644
index 000000000..61f9c3e27
--- /dev/null
+++ b/schema/flow_events_diagram.png
diff --git a/schema/packet_event_schema.json b/schema/packet_event_schema.json
new file mode 100644
index 000000000..4395b4ab2
--- /dev/null
+++ b/schema/packet_event_schema.json
@@ -0,0 +1,122 @@
+{
+ "type": "object",
+ "required": [
+ "alias",
+ "source",
+ "packet_id",
+ "packet_event_id",
+ "packet_event_name",
+ "pkt_datalink",
+ "pkt_caplen",
+ "pkt_type",
+ "pkt_l3_offset",
+ "pkt_l4_offset",
+ "pkt_len",
+ "pkt_l4_len",
+ "thread_ts_usec"
+ ],
+
+ "dependencies" : {
+ "flow_id" : [ "flow_packet_id", "flow_src_last_pkt_time", "flow_dst_last_pkt_time", "flow_idle_time" ]
+ },
+
+ "if": {
+ "properties": { "packet_event_name": { "enum": ["packet-flow"] } }
+ },
+ "then": {
+ "required": [ "thread_id", "flow_id", "flow_packet_id", "flow_src_last_pkt_time", "flow_dst_last_pkt_time", "flow_idle_time" ]
+ },
+ "else": {
+ "not": { "required": [ "thread_id", "flow_id", "flow_packet_id", "flow_src_last_pkt_time", "flow_dst_last_pkt_time", "flow_idle_time" ] }
+ },
+
+ "properties": {
+ "alias": {
+ "type": "string"
+ },
+ "source": {
+ "type": "string"
+ },
+ "thread_id": {
+ "type": "number"
+ },
+ "packet_id": {
+ "type": "number",
+ "minimum": 0
+ },
+ "packet_event_id": {
+ "type": "number",
+ "minimum": 0,
+ "maximum": 2
+ },
+ "packet_event_name": {
+ "type": "string",
+ "enum": [
+ "invalid",
+ "packet",
+ "packet-flow"
+ ]
+ },
+ "flow_id": {
+ "type": "number",
+ "minimum": 1
+ },
+ "flow_packet_id": {
+ "type": "number"
+ },
+ "flow_src_last_pkt_time": {
+ "type": "number",
+ "minimum": 0
+ },
+ "flow_dst_last_pkt_time": {
+ "type": "number",
+ "minimum": 0
+ },
+ "flow_idle_time": {
+ "type": "number",
+ "minimum": 1
+ },
+ "pkt_datalink": {
+ "type": "number",
+ "minimum": 0,
+ "maximum": 292
+ },
+ "pkt_caplen": {
+ "type": "number",
+ "minimum": 1,
+ "maximum": 65535
+ },
+ "pkt_type": {
+ "type": "number",
+ "minimum": 0,
+ "maximum": 65535
+ },
+ "pkt_l3_offset": {
+ "type": "number",
+ "minimum": 0,
+ "maximum": 65535
+ },
+ "pkt_l4_len": {
+ "type": "number",
+ "minimum": 0,
+ "maximum": 65535
+ },
+ "thread_ts_usec": {
+ "type": "number",
+ "minimum": 0
+ },
+ "pkt_l4_offset": {
+ "type": "number",
+ "minimum": 0,
+ "maximum": 65535
+ },
+ "pkt_len": {
+ "type": "number",
+ "minimum": 0
+ },
+ "pkt": {
+ "type": "string"
+ }
+ },
+ "additionalProperties": false
+}
|
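Review bot: The `else` branch does not keep the flow fields off a plain `packet` event, because `"not": { "required": [ … ] }` fails only when all six listed keys are present together, so a message carrying just `thread_id` or just `flow_packet_id` still validates (the `dependencies` entry only covers the `flow_id` case). If the intent is that none of them may appear outside `packet-flow`, reject each key individually, e.g. with boolean `false` property schemas as below; `if`/`then`/`else` and `dependencies` already tie this file to draft-07, so adding `"$schema": "http://json-schema.org/draft-07/schema#"` at the top would make that explicit. Separately, `thread_id` is the only numeric property here without a `"minimum"`, and `pkt` is an unconstrained string — if it carries the captured bytes base64-encoded, `"contentEncoding": "base64"` would document that.
```json
"else": {
  "properties": {
    "thread_id": false,
    "flow_id": false,
    "flow_packet_id": false,
    "flow_src_last_pkt_time": false,
    "flow_dst_last_pkt_time": false,
    "flow_idle_time": false
  }
},
```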